Root cause/solution for "warning: directory permissions differ"

skimj · 2016-12-01 16:36:57

I have a fairly fresh install (few months ago) but now it seems like whenever I do an upgrade or installation of a new package, I get a directory permissions warning. For example:

warning: directory permissions differ on <directory>
filesystem: 750  package: 755

In every case that I can remember, my system has more restrictive permissions (750) than what the package has (755). Searching the forums, I find lots of posts to the same effect, where the provided "solution" is to change the permissions with chmod.

I am certainly capable enough to change the permissions whenever this occurs to silence the warning (and to keep true to the package and hopefully the upstream source if it matters and where the relaxed permissions are acceptable) but that feels like playing whack-a-mole. What I don't understand is why would a fresh install conflict with current packaging? Was there a fundamental change in the packaging strategy in the last few months, like a change in default permissions? Did the install use a UMASK xxx7 that circumvented the packages' desired permissions? Is there some other root cause for this?

ayekat · 2016-12-01 16:46:37

Depends... what kind of packages are we talking about?
For instance, there is a package bug in lighttpd (see FS#51931), so there it's possible that you might run into permission issues there even if you haven't changed anything at all. But I haven't encountered that issue with other packages yet.

skimj · 2016-12-02 18:20:02

It is quite widespread, definitely not just due to one package or another. It seems more like "the packaging standard is 755" (at least, by default) whereas the "installer did 750".

Last edited by skimj (2016-12-03 00:58:00)

ayekat · 2016-12-02 21:53:54

Would you mind posting your /var/log/pacman.log from the last update? This way we could see which packages cause the issue, on which files, and other useful info.

skimj · 2016-12-06 06:29:38

I didn't realize until I looked through the log that all occurrences are subdirectories or /etc/

Here is the pacman.log from recent operations showing two occurrences:

[2016-12-01 08:50] [PACMAN] Running 'pacman -S rsync'
[2016-12-01 08:50] [ALPM] transaction started
[2016-12-01 08:50] [ALPM] warning: directory permissions differ on /etc/xinetd.d/
filesystem: 750  package: 755
[2016-12-01 08:50] [ALPM] installed rsync (3.1.2-2)
[2016-12-01 08:50] [ALPM] transaction completed
[2016-12-04 08:48] [PACMAN] Running 'pacman -Syu'
[2016-12-04 08:48] [PACMAN] synchronizing package lists
[2016-12-04 08:48] [PACMAN] starting full system upgrade
[2016-12-04 08:48] [ALPM] transaction started
[2016-12-04 08:48] [ALPM] upgraded archlinux-keyring (20161101-1 -> 20161201-1)
[2016-12-04 08:48] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg...
[2016-12-04 08:48] [ALPM-SCRIPTLET] gpg: WARNING: server 'gpg-agent' is older than us (2.1.15 < 2.1.16)
[2016-12-04 08:48] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
[2016-12-04 08:48] [ALPM-SCRIPTLET] ==> Importing owner trust values...
[2016-12-04 08:48] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
[2016-12-04 08:48] [ALPM-SCRIPTLET]   -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
[2016-12-04 08:48] [ALPM-SCRIPTLET] ==> Updating trust database...
[2016-12-04 08:48] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2017-01-01
[2016-12-04 08:48] [ALPM] upgraded npth (1.2-1 -> 1.3-1)
[2016-12-04 08:48] [ALPM] warning: directory permissions differ on /etc/pacman.d/
filesystem: 750  package: 755
[2016-12-04 08:48] [ALPM] warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
[2016-12-04 08:48] [ALPM] upgraded pacman-mirrorlist (20161121-1 -> 20161203-1)
[2016-12-04 08:48] [ALPM] upgraded zlib (1.2.8-4 -> 1:1.2.8-7)
[2016-12-04 08:48] [ALPM] upgraded pinentry (0.9.7-3 -> 1.0.0-1)
[2016-12-04 08:48] [ALPM] upgraded sqlite (3.15.1-2 -> 3.15.2-1)
[2016-12-04 08:48] [ALPM] upgraded python2-cryptography (1.5.3-1 -> 1.6-1)
[2016-12-04 08:48] [ALPM] transaction completed
[2016-12-04 08:48] [ALPM] running 'texinfo-install.hook'...
[2016-12-04 08:48] Exited with code 0

Full log: http://www.filedropper.com/pacman_2

ayekat · 2016-12-06 08:04:33

Are there any other directories with odd permissions in /etc?
For instance, if I search for files that are not 0644 (regular files) or 0755 (directories), I get the following:

$ ls -ld $(find /etc -mindepth 1 -maxdepth 1 '(' -type d -not -perm 0755 ')' -o '(' -type f -not -perm 0644 ')')
-rw-r----- 1 root daemon  144 Aug 31 15:38 /etc/at.deny
-rw-r----- 1 root brlapi   33 Aug 30 21:18 /etc/brlapi.key
-rw------- 1 root root    958 Nov 30  2014 /etc/crypttab
---------- 1 root root   1025 Dec  1 11:35 /etc/gshadow
---------- 1 root root   1015 Nov 30 21:49 /etc/gshadow-
-r--r--r-- 1 root root     33 Jan  9  2014 /etc/machine-id
-r--r--r-- 1 root root   6298 Oct 20 19:28 /etc/mail.rc
-rwxr-xr-x 1 root root   1644 Sep 10 17:36 /etc/nftables.conf
-rw------- 1 root root      0 Jan  9  2014 /etc/.pwd.lock
-rw-r----- 1 root named   118 Sep  7  2014 /etc/rndc.key
---------- 1 root root   1112 Dec  1 11:35 /etc/shadow
---------- 1 root root   1092 Nov 28 13:23 /etc/shadow-
-r--r----- 1 root root   3214 Nov 23  2015 /etc/sudoers
drwxr-x--- 2 root root   4096 Oct  1  2013 /etc/sudoers.d

I would suggest fixing the permissions on directories that conflict with pacman now, and then see whether you run into the same issue again during later upgrades.

But that shouldn't happen just out of the blue... are you running some kind of "security" software that chmods directories?

skimj wrote:

Full log: http://www.filedropper.com/pacman_2

Please use a sane paste service.
That one doesn't allow me to view the file in-browser, and the download button doesn't work without Javascript - and if JS is enabled, I get ads all over my screen, and it requires me to type a captcha, and then the download nevertheless fails for no apparent reason.

skimj · 2016-12-06 21:23:28

ayekat wrote:

Are there any other directories with odd permissions in /etc?
<snip>
I would suggest fixing the permissions on directories that conflict with pacman now, and then see whether you run into the same issue again during later upgrades.
But that shouldn't happen just out of the blue... are you running some kind of "security" software that chmods directories?

I'm not running any security software as such. Almost all are 750, except those I've since changed and a few that are more restrictive. I certainly can just "fix" them but it goes back to my overall question about a root cause.

Sorry about the file share, I don't like using pastebin for long files, but in any case: http://pastebin.com/1nWTJqPV

Last edited by skimj (2016-12-06 21:25:09)

ayekat · 2016-12-07 11:17:12

Hmm... I couldn't find anything suspicious in those logs (apart from some runs of `pacman -Sy`, but never in a way that would cause any issues ). I can also confirm that setting a umask does not have any influence on how pacman installs files.

The only thing I can think of is that perhaps there is something in /etc/tmpfiles.d or /usr/lib/tmpfiles.d that sets the permissions on those files at bootup. But if you haven't touched anything in there, that's a dead end, too.

What file system have you installed Arch Linux to? ext4? or something else?
I'm running out of ideas...

skimj · 2016-12-07 15:32:17

I have two machines set up and it's happening on both: one has btrfs, the other has ext4.

(The `pacman -Sy` runs were from a script I was working on in which I wanted a re-synced database, I believe that is the correct usage but I am still new the Arch/pacman so I could be wrong.)

ayekat · 2016-12-07 22:11:12

Those `pacman -Sy` calls shouldn't be an issue here (although it's generally discouraged). And given that you're running both an ext4 and btrfs setup, that can't be the reason either.

Just to point out this: the issue has started on october 21 - right here:

[2016-10-20 15:30] [PACMAN] Running 'pacman -Syu'
[2016-10-20 15:30] [PACMAN] synchronizing package lists
[2016-10-20 15:30] [PACMAN] starting full system upgrade
[2016-10-20 15:30] [ALPM] transaction started
[2016-10-20 15:30] [ALPM] upgraded gnutls (3.4.15-1 -> 3.4.16-1)
[2016-10-20 15:30] [ALPM] upgraded grep (2.25-2 -> 2.26-1)
[2016-10-20 15:30] [ALPM] upgraded iproute2 (4.7.0-1 -> 4.8.0-1)
[2016-10-20 15:30] [ALPM] upgraded libedit (20160618_3.1-1 -> 20160903_3.1-1)
[2016-10-20 15:30] [ALPM] warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
[2016-10-20 15:30] [ALPM] upgraded pacman-mirrorlist (20161009-1 -> 20161013-1)
[2016-10-20 15:30] [ALPM] upgraded sqlite (3.14.2-1 -> 3.15.0-1)
[2016-10-20 15:30] [ALPM] upgraded python2-setuptools (1:28.3.0-1 -> 1:28.6.1-1)
[2016-10-20 15:30] [ALPM] upgraded s-nail (14.8.10-1 -> 14.8.12-1)
[2016-10-20 15:30] [ALPM] transaction completed
[2016-10-20 15:30] [ALPM] running 'texinfo-install.hook'...
[2016-10-20 15:31] [PACMAN] Running 'pacman -S xdg-user-di'
[2016-10-20 15:33] [PACMAN] Running 'pacman -S xdg-user-dirs'
[2016-10-20 15:33] [ALPM] transaction started
[2016-10-20 15:33] [ALPM] installed xdg-user-dirs (0.15-4)
[2016-10-20 15:33] [ALPM-SCRIPTLET] Created symlink /etc/systemd/user/default.target.wants/xdg-user-dirs-update.service → /usr/lib/systemd/user/xdg-user-dirs-update.service.
[2016-10-20 15:33] [ALPM] transaction completed
[2016-10-21 15:40] [PACMAN] Running 'pacman -Syu'
[2016-10-21 15:40] [PACMAN] synchronizing package lists
[2016-10-21 15:40] [PACMAN] starting full system upgrade
[2016-10-21 15:40] [ALPM] transaction started
[2016-10-21 15:40] [ALPM] upgraded tzdata (2016g-1 -> 2016h-1)
[2016-10-21 15:40] [ALPM] upgraded ca-certificates-mozilla (3.26-1 -> 3.27.1-1)
[2016-10-21 15:40] [ALPM] warning: directory permissions differ on /etc/
filesystem: 750  package: 755
[2016-10-21 15:40] [ALPM] warning: directory permissions differ on /etc/dbus-1/
filesystem: 750  package: 755
[2016-10-21 15:40] [ALPM] upgraded dbus (1.10.10-3 -> 1.10.12-1)
[2016-10-21 15:40] [ALPM] transaction completed

There is a `pacman -Syu` on october 20, where the issue does not arise, then an installation of `xdg-user-dirs`, and from then on, all packages that interact with /etc are somehow running into conflicts. I would be tempted to say that xdg-user-dirs is the cause, but I can't quite see how; this might just be an odd coincidence.

I assume these are the logs of one of your two machines - would you mind posting the other one, too?

skimj · 2016-12-07 22:54:09

Unfortunately, I've blown that one away and rebuilt, no useful log yet. I've got one other sandbox vm that I created 2016-06-02 that is not having this issue and it also had xdg-user-utils installed. I just wasted an hour reading the package and source files for xdg-user-utils and as expected I don't see anything in there that looks suspect.

Arch Linux

#1 2016-12-01 16:36:57

Root cause/solution for "warning: directory permissions differ"

#2 2016-12-01 16:46:37

Re: Root cause/solution for "warning: directory permissions differ"

#3 2016-12-02 18:20:02

Re: Root cause/solution for "warning: directory permissions differ"

#4 2016-12-02 21:53:54

Re: Root cause/solution for "warning: directory permissions differ"

#5 2016-12-06 06:29:38

Re: Root cause/solution for "warning: directory permissions differ"

#6 2016-12-06 08:04:33

Re: Root cause/solution for "warning: directory permissions differ"

#7 2016-12-06 21:23:28

Re: Root cause/solution for "warning: directory permissions differ"

#8 2016-12-07 11:17:12

Re: Root cause/solution for "warning: directory permissions differ"

#9 2016-12-07 15:32:17

Re: Root cause/solution for "warning: directory permissions differ"

#10 2016-12-07 22:11:12

Re: Root cause/solution for "warning: directory permissions differ"

#11 2016-12-07 22:54:09

Re: Root cause/solution for "warning: directory permissions differ"

Board footer